A light weight http(s) proxy server in C#.NET
C# PowerShell Batchfile
Latest commit a46dad3 Dec 11, 2016 @justcoding121 Fix merge



A light weight http(s) proxy server written in C#

Build Status

Kindly report only issues/bugs here . For programming help or questions use StackOverflow with the tag Titanium-Web-Proxy.

alt tag


  • Supports Http(s) and most features of HTTP 1.1
  • Support redirect/block/update requests
  • Supports updating response
  • Safely relays WebSocket requests over Http
  • Support mutual SSL authentication
  • Fully asynchronous proxy
  • Supports proxy authentication


Refer the HTTP Proxy Server library in your project, look up Test project to learn usage.

Install by nuget:

For beta releases on beta branch

Install-Package Titanium.Web.Proxy -Pre

For stable releases on stable branch

Install-Package Titanium.Web.Proxy

Setup HTTP proxy:

            var proxyServer = new ProxyServer();

            //locally trust root certificate used by this proxy 
            proxyServer.TrustRootCertificate = true;

            proxyServer.BeforeRequest += OnRequest;
            proxyServer.BeforeResponse += OnResponse;
            proxyServer.ServerCertificateValidationCallback += OnCertificateValidation;
            proxyServer.ClientCertificateSelectionCallback += OnCertificateSelection;

            //Exclude Https addresses you don't want to proxy
            //Usefull for clients that use certificate pinning
            //for example dropbox.com
            var explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8000, true)
                // ExcludedHttpsHostNameRegex = new List<string>() { "google.com", "dropbox.com" }

            //An explicit endpoint is where the client knows about the existance of a proxy
            //So client sends request in a proxy friendly manner

            //Transparent endpoint is usefull for reverse proxying (client is not aware of the existance of proxy)
            //A transparent endpoint usually requires a network router port forwarding HTTP(S) packets to this endpoint
            //Currently do not support Server Name Indication (It is not currently supported by SslStream class)
            //That means that the transparent endpoint will always provide the same Generic Certificate to all HTTPS requests
            //In this example only google.com will work for HTTPS requests
            //Other sites will receive a certificate mismatch warning on browser
            var transparentEndPoint = new TransparentProxyEndPoint(IPAddress.Any, 8001, true)
                GenericCertificateName = "google.com"

            //proxyServer.UpStreamHttpProxy = new ExternalProxy() { HostName = "localhost", Port = 8888 };
            //proxyServer.UpStreamHttpsProxy = new ExternalProxy() { HostName = "localhost", Port = 8888 };

            foreach (var endPoint in proxyServer.ProxyEndPoints)
                Console.WriteLine("Listening on '{0}' endpoint at Ip {1} and port: {2} ",
                    endPoint.GetType().Name, endPoint.IpAddress, endPoint.Port);

            //Only explicit proxies can be set as system proxy!

            //wait here (You can use something else as a wait function, I am using this as a demo)

            //Unsubscribe & Quit
            proxyServer.BeforeRequest -= OnRequest;
            proxyServer.BeforeResponse -= OnResponse;
            proxyServer.ServerCertificateValidationCallback -= OnCertificateValidation;
            proxyServer.ClientCertificateSelectionCallback -= OnCertificateSelection;


Sample request and response event handlers

        public async Task OnRequest(object sender, SessionEventArgs e)

            ////read request headers
            var requestHeaders = e.WebSession.Request.RequestHeaders;

            var method = e.WebSession.Request.Method.ToUpper();
            if ((method == "POST" || method == "PUT" || method == "PATCH"))
                //Get/Set request body bytes
                byte[] bodyBytes = await e.GetRequestBody();
                await e.SetRequestBody(bodyBytes);

                //Get/Set request body as string
                string bodyString = await e.GetRequestBodyAsString();
                await e.SetRequestBodyString(bodyString);


            //To cancel a request with a custom HTML content
            //Filter URL
            if (e.WebSession.Request.RequestUri.AbsoluteUri.Contains("google.com"))
                await e.Ok("<!DOCTYPE html>" +
                      "<html><body><h1>" +
                      "Website Blocked" +
                      "</h1>" +
                      "<p>Blocked by titanium web proxy.</p>" +
                      "</body>" +
            //Redirect example
            if (e.WebSession.Request.RequestUri.AbsoluteUri.Contains("wikipedia.org"))
                await e.Redirect("https://www.paypal.com");

        //Modify response
        public async Task OnResponse(object sender, SessionEventArgs e)
            //read response headers
            var responseHeaders = e.WebSession.Response.ResponseHeaders;

            //if (!e.ProxySession.Request.Host.Equals("medeczane.sgk.gov.tr")) return;
            if (e.WebSession.Request.Method == "GET" || e.WebSession.Request.Method == "POST")
                if (e.WebSession.Response.ResponseStatusCode == "200")
                    if (e.WebSession.Response.ContentType!=null && e.WebSession.Response.ContentType.Trim().ToLower().Contains("text/html"))
                        byte[] bodyBytes = await e.GetResponseBody();
                        await e.SetResponseBody(bodyBytes);

                        string body = await e.GetResponseBodyAsString();
                        await e.SetResponseBodyString(body);

        /// Allows overriding default certificate validation logic
        public Task OnCertificateValidation(object sender, CertificateValidationEventArgs e)
            //set IsValid to true/false based on Certificate Errors
            if (e.SslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
                e.IsValid = true;

            return Task.FromResult(0);

        /// Allows overriding default client certificate selection logic during mutual authentication
        public Task OnCertificateSelection(object sender, CertificateSelectionEventArgs e)
            //set e.clientCertificate to override

            return Task.FromResult(0);

Future roadmap

  • Support Server Name Indication (SNI) for transparent endpoints
  • Support HTTP 2.0
  • Support upstream AutoProxy detection
  • Support SOCKS protocol
  • Implement Kerberos/NTLM authentication over HTTP protocols for windows domain